tryaudex_core/

policy.rs

use std::collections::HashMap;

use serde::{Deserialize, Serialize};

use crate::error::{AvError, Result};

/// Network policy configuration for restricting credential usage by source IP/VPC.
#[derive(Debug, Clone, Serialize, Deserialize, Default)]
pub struct NetworkPolicy {
    /// Allowed source IP addresses or CIDR ranges (e.g. ["10.0.0.0/8", "203.0.113.5"])
    #[serde(default)]
    pub allowed_ips: Vec<String>,
    /// Allowed VPC IDs (e.g. ["vpc-abc123"])
    #[serde(default)]
    pub allowed_vpcs: Vec<String>,
    /// Allowed VPC endpoint IDs (e.g. ["vpce-abc123"])
    #[serde(default)]
    pub allowed_vpc_endpoints: Vec<String>,
}

/// A parsed IAM action pattern like "s3:GetObject" or "lambda:Update*".
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ActionPattern {
    pub service: String,
    pub action: String,
}

impl ActionPattern {
    /// Parse a string like "s3:GetObject" into an ActionPattern.
    pub fn parse(s: &str) -> Result<Self> {
        let parts: Vec<&str> = s.splitn(2, ':').collect();
        if parts.len() != 2 {
            return Err(AvError::InvalidPolicy(format!(
                "Invalid action format '{}'. Expected 'service:Action' (e.g. 's3:GetObject')",
                s
            )));
        }
        Ok(Self {
            service: parts[0].to_string(),
            action: parts[1].to_string(),
        })
    }

    /// Convert to IAM action string (AWS format: service:Action).
    pub fn to_iam_action(&self) -> String {
        format!("{}:{}", self.service, self.action)
    }

    /// Parse a GCP permission like "storage.objects.get" or "compute.instances.list".
    pub fn parse_gcp(s: &str) -> Result<Self> {
        let pos = s.find('.').ok_or_else(|| {
            AvError::InvalidPolicy(format!(
                "Invalid GCP permission '{}'. Expected 'service.resource.verb' (e.g. 'storage.objects.get')",
                s
            ))
        })?;
        Ok(Self {
            service: s[..pos].to_string(),
            action: s[pos + 1..].to_string(),
        })
    }

    /// Convert to GCP permission string (service.resource.verb).
    pub fn to_gcp_permission(&self) -> String {
        format!("{}.{}", self.service, self.action)
    }

    /// Parse an Azure permission like "Microsoft.Storage/storageAccounts/read".
    pub fn parse_azure(s: &str) -> Result<Self> {
        let pos = s.find('/').ok_or_else(|| {
            AvError::InvalidPolicy(format!(
                "Invalid Azure permission '{}'. Expected 'Microsoft.Service/resource/action' (e.g. 'Microsoft.Storage/storageAccounts/read')",
                s
            ))
        })?;
        Ok(Self {
            service: s[..pos].to_string(),
            action: s[pos + 1..].to_string(),
        })
    }

    /// Convert to Azure permission string (Microsoft.Service/resource/action).
    pub fn to_azure_permission(&self) -> String {
        format!("{}/{}", self.service, self.action)
    }

    /// Check if this pattern matches another action (for deny list checking).
    /// Supports wildcards: "iam:*" matches "iam:CreateRole", "*:*" matches everything.
    pub fn matches(&self, other: &ActionPattern) -> bool {
        let service_match = self.service == "*" || self.service == other.service;
        let action_match = self.action == "*"
            || self.action == other.action
            || (self.action.ends_with('*')
                && other
                    .action
                    .starts_with(&self.action[..self.action.len() - 1]));
        service_match && action_match
    }
}

/// A scoped IAM policy built from user-specified allowed actions.
#[derive(Debug, Clone, Serialize, Deserialize)]
pub struct ScopedPolicy {
    pub actions: Vec<ActionPattern>,
    pub resources: Vec<String>,
}

impl ScopedPolicy {
    /// Parse a comma-separated allow string like "s3:GetObject,lambda:Update*".
    /// Optionally accepts resource ARNs to restrict beyond just actions.
    pub fn from_allow_str(allow: &str) -> Result<Self> {
        Self::from_allow_str_with_resources(allow, None)
    }

    /// Parse allow string with optional resource ARN restrictions.
    pub fn from_allow_str_with_resources(allow: &str, resources: Option<&str>) -> Result<Self> {
        let actions = allow
            .split(',')
            .map(|s| s.trim())
            .filter(|s| !s.is_empty())
            .map(ActionPattern::parse)
            .collect::<Result<Vec<_>>>()?;

        if actions.is_empty() {
            return Err(AvError::InvalidPolicy(
                "No valid actions provided".to_string(),
            ));
        }

        let resources = match resources {
            Some(r) => {
                let parsed: Vec<String> = r
                    .split(',')
                    .map(|s| s.trim().to_string())
                    .filter(|s| !s.is_empty())
                    .collect();
                if parsed.is_empty() {
                    vec!["*".to_string()]
                } else {
                    parsed
                }
            }
            None => vec!["*".to_string()],
        };

        Ok(Self { actions, resources })
    }

    /// Parse a comma-separated GCP permissions string like "storage.objects.get,compute.instances.list".
    pub fn from_gcp_allow_str(allow: &str) -> Result<Self> {
        let actions = allow
            .split(',')
            .map(|s| s.trim())
            .filter(|s| !s.is_empty())
            .map(ActionPattern::parse_gcp)
            .collect::<Result<Vec<_>>>()?;

        if actions.is_empty() {
            return Err(AvError::InvalidPolicy(
                "No valid GCP permissions provided".to_string(),
            ));
        }

        Ok(Self {
            actions,
            resources: vec!["*".to_string()],
        })
    }

    /// Parse a comma-separated Azure permissions string like "Microsoft.Storage/storageAccounts/read".
    pub fn from_azure_allow_str(allow: &str) -> Result<Self> {
        let actions = allow
            .split(',')
            .map(|s| s.trim())
            .filter(|s| !s.is_empty())
            .map(ActionPattern::parse_azure)
            .collect::<Result<Vec<_>>>()?;

        if actions.is_empty() {
            return Err(AvError::InvalidPolicy(
                "No valid Azure permissions provided".to_string(),
            ));
        }

        Ok(Self {
            actions,
            resources: vec!["*".to_string()],
        })
    }

    /// Generate the AWS IAM policy JSON document for STS inline policy.
    pub fn to_iam_policy_json(&self) -> Result<String> {
        self.to_iam_policy_json_with_network(None)
    }

    /// Generate the AWS IAM policy JSON with a Deny statement that blocks
    /// the caller from removing or overwriting the given tag key. Used by
    /// `--tag-session` to keep agents from stripping the `tryaudex-session`
    /// marker mid-session and escaping cleanup.
    pub fn to_iam_policy_json_with_tag_lock(&self, tag_key: &str) -> Result<String> {
        self.to_iam_policy_json_with_network_and_tag_lock(None, Some(tag_key))
    }

    /// Full policy JSON with both network conditions and tag-lock deny.
    pub fn to_iam_policy_json_with_network_and_tag_lock(
        &self,
        network: Option<&NetworkPolicy>,
        tag_lock_key: Option<&str>,
    ) -> Result<String> {
        // Reuse the existing network logic for the Allow statement.
        let base_json = self.to_iam_policy_json_with_network(network)?;
        let tag_lock_key = match tag_lock_key {
            Some(k) => k,
            None => return Ok(base_json),
        };
        let mut doc: serde_json::Value =
            serde_json::from_str(&base_json).map_err(|e| AvError::InvalidPolicy(e.to_string()))?;
        let deny = serde_json::json!({
            "Sid": "DenyTryaudexTagRemoval",
            "Effect": "Deny",
            "Action": tag_mutation_actions(),
            "Resource": "*",
            "Condition": {
                "ForAnyValue:StringEquals": {
                    "aws:TagKeys": [tag_lock_key]
                }
            }
        });
        if let Some(stmts) = doc.get_mut("Statement").and_then(|s| s.as_array_mut()) {
            stmts.push(deny);
        }
        serde_json::to_string_pretty(&doc).map_err(|e| AvError::InvalidPolicy(e.to_string()))
    }

    /// Generate the AWS IAM policy JSON with optional network conditions.
    pub fn to_iam_policy_json_with_network(
        &self,
        network: Option<&NetworkPolicy>,
    ) -> Result<String> {
        let mut statement = serde_json::json!({
            "Effect": "Allow",
            "Action": self.actions.iter().map(|a| a.to_iam_action()).collect::<Vec<_>>(),
            "Resource": self.resources,
        });

        // Add network conditions if configured
        if let Some(net) = network {
            let mut conditions: HashMap<String, HashMap<String, serde_json::Value>> =
                HashMap::new();

            if !net.allowed_ips.is_empty() {
                let mut ip_cond = HashMap::new();
                ip_cond.insert(
                    "aws:SourceIp".to_string(),
                    serde_json::json!(net.allowed_ips),
                );
                conditions.insert("IpAddress".to_string(), ip_cond);
            }

            if !net.allowed_vpcs.is_empty() {
                let mut vpc_cond = HashMap::new();
                vpc_cond.insert(
                    "aws:SourceVpc".to_string(),
                    serde_json::json!(net.allowed_vpcs),
                );
                conditions
                    .entry("StringEquals".to_string())
                    .or_default()
                    .extend(vpc_cond);
            }

            if !net.allowed_vpc_endpoints.is_empty() {
                let mut vpce_cond = HashMap::new();
                vpce_cond.insert(
                    "aws:SourceVpce".to_string(),
                    serde_json::json!(net.allowed_vpc_endpoints),
                );
                conditions
                    .entry("StringEquals".to_string())
                    .or_default()
                    .extend(vpce_cond);
            }

            if !conditions.is_empty() {
                statement["Condition"] = serde_json::json!(conditions);
            }
        }

        let policy = serde_json::json!({
            "Version": "2012-10-17",
            "Statement": [statement]
        });
        serde_json::to_string_pretty(&policy).map_err(|e| AvError::InvalidPolicy(e.to_string()))
    }

    /// Check all actions against a deny list. Returns error if any action is denied.
    pub fn enforce_deny_list(&self, deny: &[String]) -> Result<()> {
        let deny_patterns: Vec<ActionPattern> = deny
            .iter()
            .filter_map(|d| ActionPattern::parse(d).ok())
            .collect();

        for action in &self.actions {
            for deny_pattern in &deny_patterns {
                if deny_pattern.matches(action) {
                    return Err(AvError::InvalidPolicy(format!(
                        "Action '{}' is blocked by deny list rule '{}'",
                        action.to_iam_action(),
                        deny_pattern.to_iam_action()
                    )));
                }
            }
        }
        Ok(())
    }

    /// List the services involved in this policy.
    pub fn services(&self) -> Vec<String> {
        let mut services: Vec<String> = self.actions.iter().map(|a| a.service.clone()).collect();
        services.sort();
        services.dedup();
        services
    }
}

/// List every AWS IAM action that could remove or overwrite a tag. The
/// `aws:TagKeys` condition constrains these denies to actions where the
/// tryaudex-session key is the one being touched, so the agent can still
/// freely manage unrelated tags on their own resources.
fn tag_mutation_actions() -> Vec<&'static str> {
    vec![
        // ec2 uses a non-standard tag API
        "ec2:DeleteTags",
        "ec2:CreateTags",
        // Generic tagging APIs — cover the cross-service paths
        "tag:UntagResources",
        "tag:TagResources",
        // s3 — bucket-level tagging is separate
        "s3:DeleteBucketTagging",
        "s3:PutBucketTagging",
        // per-service Untag* / Remove*Tags — common agent-accessible services
        "dynamodb:UntagResource",
        "dynamodb:TagResource",
        "sns:UntagResource",
        "sns:TagResource",
        "sqs:UntagQueue",
        "sqs:TagQueue",
        "lambda:UntagResource",
        "lambda:TagResource",
        "rds:RemoveTagsFromResource",
        "rds:AddTagsToResource",
        "iam:UntagRole",
        "iam:UntagUser",
        "iam:UntagPolicy",
        "iam:TagRole",
        "iam:TagUser",
        "iam:TagPolicy",
        "secretsmanager:UntagResource",
        "secretsmanager:TagResource",
        "ssm:RemoveTagsFromResource",
        "ssm:AddTagsToResource",
        "cloudformation:UntagResource",
        "cloudformation:TagResource",
        "ecr:UntagResource",
        "ecr:TagResource",
        "kms:UntagResource",
        "kms:TagResource",
        "logs:UntagLogGroup",
        "logs:TagLogGroup",
    ]
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_parse_action() {
        let action = ActionPattern::parse("s3:GetObject").unwrap();
        assert_eq!(action.service, "s3");
        assert_eq!(action.action, "GetObject");
    }

    #[test]
    fn test_parse_wildcard_action() {
        let action = ActionPattern::parse("lambda:Update*").unwrap();
        assert_eq!(action.service, "lambda");
        assert_eq!(action.action, "Update*");
    }

    #[test]
    fn test_invalid_action() {
        assert!(ActionPattern::parse("invalid").is_err());
    }

    #[test]
    fn test_from_allow_str() {
        let policy =
            ScopedPolicy::from_allow_str("s3:GetObject, lambda:UpdateFunctionCode").unwrap();
        assert_eq!(policy.actions.len(), 2);
    }

    #[test]
    fn test_from_allow_str_with_resources() {
        let policy = ScopedPolicy::from_allow_str_with_resources(
            "s3:GetObject",
            Some("arn:aws:s3:::my-bucket/*,arn:aws:s3:::my-bucket"),
        )
        .unwrap();
        assert_eq!(policy.resources.len(), 2);
        assert_eq!(policy.resources[0], "arn:aws:s3:::my-bucket/*");
        assert_eq!(policy.resources[1], "arn:aws:s3:::my-bucket");
    }

    #[test]
    fn test_from_allow_str_default_resources() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        assert_eq!(policy.resources, vec!["*"]);
    }

    #[test]
    fn test_to_iam_policy_json() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let json = policy.to_iam_policy_json().unwrap();
        assert!(json.contains("s3:GetObject"));
        assert!(json.contains("2012-10-17"));
    }

    #[test]
    fn tag_lock_appends_deny_statement_bound_to_key() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let json = policy
            .to_iam_policy_json_with_tag_lock("tryaudex-session")
            .unwrap();
        let doc: serde_json::Value = serde_json::from_str(&json).unwrap();
        let stmts = doc["Statement"].as_array().unwrap();
        assert_eq!(stmts.len(), 2, "expected Allow + Deny statements");
        let deny = &stmts[1];
        assert_eq!(deny["Effect"], "Deny");
        assert_eq!(deny["Sid"], "DenyTryaudexTagRemoval");
        assert_eq!(
            deny["Condition"]["ForAnyValue:StringEquals"]["aws:TagKeys"][0],
            "tryaudex-session"
        );
        // Spot-check that the Deny action list covers the critical paths.
        let actions = deny["Action"].as_array().unwrap();
        let action_strs: Vec<&str> = actions.iter().filter_map(|v| v.as_str()).collect();
        assert!(action_strs.contains(&"ec2:DeleteTags"));
        assert!(action_strs.contains(&"tag:UntagResources"));
        assert!(action_strs.contains(&"s3:DeleteBucketTagging"));
    }

    #[test]
    fn tag_lock_with_none_key_is_noop() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let base = policy.to_iam_policy_json_with_network(None).unwrap();
        let with_none = policy
            .to_iam_policy_json_with_network_and_tag_lock(None, None)
            .unwrap();
        assert_eq!(base, with_none);
    }

    #[test]
    fn test_wildcard_matches() {
        let deny = ActionPattern::parse("iam:*").unwrap();
        let action = ActionPattern::parse("iam:CreateRole").unwrap();
        assert!(deny.matches(&action));
    }

    #[test]
    fn test_prefix_wildcard_matches() {
        let deny = ActionPattern::parse("lambda:Update*").unwrap();
        let update = ActionPattern::parse("lambda:UpdateFunctionCode").unwrap();
        let get = ActionPattern::parse("lambda:GetFunction").unwrap();
        assert!(deny.matches(&update));
        assert!(!deny.matches(&get));
    }

    #[test]
    fn test_wildcard_no_cross_service() {
        let deny = ActionPattern::parse("iam:*").unwrap();
        let action = ActionPattern::parse("s3:GetObject").unwrap();
        assert!(!deny.matches(&action));
    }

    #[test]
    fn test_deny_list_blocks_action() {
        let policy = ScopedPolicy::from_allow_str("iam:CreateRole,s3:GetObject").unwrap();
        let deny = vec!["iam:*".to_string()];
        let result = policy.enforce_deny_list(&deny);
        assert!(result.is_err());
        assert!(result.unwrap_err().to_string().contains("iam:CreateRole"));
    }

    #[test]
    fn test_deny_list_allows_safe_actions() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject,s3:ListBucket").unwrap();
        let deny = vec!["iam:*".to_string(), "organizations:*".to_string()];
        assert!(policy.enforce_deny_list(&deny).is_ok());
    }

    #[test]
    fn test_parse_gcp_permission() {
        let action = ActionPattern::parse_gcp("storage.objects.get").unwrap();
        assert_eq!(action.service, "storage");
        assert_eq!(action.action, "objects.get");
        assert_eq!(action.to_gcp_permission(), "storage.objects.get");
    }

    #[test]
    fn test_from_gcp_allow_str() {
        let policy =
            ScopedPolicy::from_gcp_allow_str("storage.objects.get, compute.instances.list")
                .unwrap();
        assert_eq!(policy.actions.len(), 2);
        assert_eq!(policy.actions[0].to_gcp_permission(), "storage.objects.get");
        assert_eq!(
            policy.actions[1].to_gcp_permission(),
            "compute.instances.list"
        );
    }

    #[test]
    fn test_gcp_permission_invalid() {
        assert!(ActionPattern::parse_gcp("invalidpermission").is_err());
    }

    #[test]
    fn test_parse_azure_permission() {
        let action = ActionPattern::parse_azure("Microsoft.Storage/storageAccounts/read").unwrap();
        assert_eq!(action.service, "Microsoft.Storage");
        assert_eq!(action.action, "storageAccounts/read");
        assert_eq!(
            action.to_azure_permission(),
            "Microsoft.Storage/storageAccounts/read"
        );
    }

    #[test]
    fn test_from_azure_allow_str() {
        let policy = ScopedPolicy::from_azure_allow_str(
            "Microsoft.Storage/storageAccounts/read, Microsoft.Compute/virtualMachines/read",
        )
        .unwrap();
        assert_eq!(policy.actions.len(), 2);
        assert_eq!(
            policy.actions[0].to_azure_permission(),
            "Microsoft.Storage/storageAccounts/read"
        );
        assert_eq!(
            policy.actions[1].to_azure_permission(),
            "Microsoft.Compute/virtualMachines/read"
        );
    }

    #[test]
    fn test_azure_permission_invalid() {
        assert!(ActionPattern::parse_azure("invalidpermission").is_err());
    }

    #[test]
    fn test_network_policy_ip_condition() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let network = NetworkPolicy {
            allowed_ips: vec!["10.0.0.0/8".to_string(), "203.0.113.5".to_string()],
            allowed_vpcs: vec![],
            allowed_vpc_endpoints: vec![],
        };
        let json = policy
            .to_iam_policy_json_with_network(Some(&network))
            .unwrap();
        assert!(json.contains("aws:SourceIp"));
        assert!(json.contains("10.0.0.0/8"));
        assert!(json.contains("IpAddress"));
    }

    #[test]
    fn test_network_policy_vpc_condition() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let network = NetworkPolicy {
            allowed_ips: vec![],
            allowed_vpcs: vec!["vpc-abc123".to_string()],
            allowed_vpc_endpoints: vec!["vpce-xyz789".to_string()],
        };
        let json = policy
            .to_iam_policy_json_with_network(Some(&network))
            .unwrap();
        assert!(json.contains("aws:SourceVpc"));
        assert!(json.contains("vpc-abc123"));
        assert!(json.contains("aws:SourceVpce"));
        assert!(json.contains("vpce-xyz789"));
        assert!(json.contains("StringEquals"));
    }

    #[test]
    fn test_no_network_policy() {
        let policy = ScopedPolicy::from_allow_str("s3:GetObject").unwrap();
        let json = policy.to_iam_policy_json_with_network(None).unwrap();
        assert!(!json.contains("Condition"));
    }
}